PFS: Probabilistic filter scheduling against distributed denial-of-service attacks

Dongwon Seo, Heejo Lee, Adrian Perrig

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    13 Citations (Scopus)

    Abstract

    Distributed denial-of-service (DDoS) attacks continue to pose an important challenge to current networks. DDoS attacks can cause victim resource consumption and link congestion. A filter-based DDoS defense is considered an effective approach, since it can defend against both attacks: victim resource consumption and link congestion. However, existing filter-based approaches do not address the properties necessary for viable DDoS solutions: how to practically identify attack paths, how to propagate filters to the best locations (filter routers), and how to manage many filters to maximize the defense effectiveness. We propose a novel mechanism, termed PFS (Probabilistic Filter Scheduling), to efficiently defeat DDoS attacks and to satisfy the necessary properties. In PFS, filter routers identify attack paths using probabilistic packet marking, and maintain filters using a scheduling policy to maximize the defense effectiveness. Our experiments show that PFS achieves 44% higher effectiveness than other filter-based approaches. Furthermore, we vary PFS parameters in terms of the marking probability and deployment ratio, and find that 30% marking probability and 30% deployment rate maximize the attack blocking rate of PFS.

    Original language: English
    Title of host publication: Proceedings of the 36th Annual IEEE Conference on Local Computer Networks, LCN 2011
    Pages: 9-17
    Number of pages: 9
    Publication status: Published - 2011
    Event: 36th Annual IEEE Conference on Local Computer Networks, LCN 2011 - Bonn, Germany
    Duration: 2011 Oct 4 to 2011 Oct 7

    Publication series

    Name: Proceedings - Conference on Local Computer Networks, LCN

    Other

    Other: 36th Annual IEEE Conference on Local Computer Networks, LCN 2011
    Country/Territory: Germany
    City: Bonn
    Period: 11/10/4 to 11/10/7

    Keywords

    • DDoS attack defense
    • Network security
    • filter scheduling
    • router-based filtering

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
